Issue in configuring Active Directory with Windchill 9.1 M050

ItronUser
1-Newbie


Hi All,

I am configuring Active Directory with Windchill 9.1 M050.

I followed steps mentioned in TPI - 135027.

When that didn't work I tried using some additional properties but with no luck.

Every time I start MS I keep getting the following error and MS shuts down.

Wed 11/3/10 22:20:03: main: ERROR : wt.intersvrcom - Initializing StandardInterSvrComService
Wed 11/3/10 22:20:03: main: (wt.pom.pomResource/0) wt.pom.PersistenceException: A persistence error occurred. System message follows:
Wed 11/3/10 22:20:03: main: Nested exception is: wt.util.WTException: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece

I thought it to be an authentication exception from the error code, but with the same credentials I can connect to Active Directory using an open source LDAP browser like JEXplorer.

I am kind of getting lost now, as to what is amiss in the configuration.

Let me know if anyone has faced something similar.

Regards,

Sameer

8 REPLIES 8

The Windchill system must run with Aphelion or WindchillDS, although you have configured the connection to the Active Directory server. So you should read the advanced install and configuration guide again.

Zhang is correct. Windchill needs a middleware piece to connect it to a Microsoft Active Directory server / service. You need to configure the application to work either with Aphelion or WindchillDS (Windchill Directory Services). Once you have either of these two installed, you will then need to configure adapters via the Info*Engine administration. Then, if you want to have users log in via their AD credentials, you will need to configure Apache to authenticate against AD via an LDAP URL connection string.

Let me know if you need any more help.

- Patrick

PreetiGupta
14-Alexandrite
(To:PatrickLee)

Yes, the JNDI Adapter is needed first to talk to Active Directory, and then the Apache configuration to point to the Active Directory service account.

Sameer,

From your error it seems that the AD user with which you are trying to configure the JNDI adapter has wrong credentials. Check the DN of the user and the password. And see if app-windchill-auth.conf is created correctly with these credentials.
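Added example (not part of the thread, and not PTC or Windchill code): a small Python triage script that pulls the Active Directory sub-code out of an LDAP error 49 bind failure like the one in the MethodServer log above and maps it to its documented meaning. The function names and the second sample line are constructed for illustration; the sub-code table lists the standard AD values for the `data` field.

```python
import re

# AD sub-codes carried in the "data" field of an LDAP error 49 bind
# failure. They are hexadecimal Windows error codes (0x525 = 1317, ...).
AD_BIND_SUBCODES = {
    "525": "user not found (bind DN or account name does not resolve)",
    "52e": "invalid credentials (account found, password wrong)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Line 1 is the error text from the post; line 2 is constructed; line 3
# is an unrelated log line that must be ignored.
SAMPLE_LINES = [
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece",
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, v1db1]",
    "main: ERROR : wt.intersvrcom - Initializing StandardInterSvrComService",
]

BIND_ERROR = re.compile(
    r"LDAP: error code (?P<code>\d+)\b.*?"
    r"AcceptSecurityContext error, data (?P<data>[0-9a-fA-F]+)"
)

def explain_bind_failure(log_line):
    """Return the LDAP code, AD sub-code and meaning, or None if no match."""
    m = BIND_ERROR.search(log_line)
    if m is None:
        return None
    data = m.group("data").lower()
    meaning = AD_BIND_SUBCODES.get(data, "unknown sub-code")
    return {"ldap_code": int(m.group("code")), "ad_data": data, "meaning": meaning}

def triage(log_lines):
    """Return (line number, sub-code, meaning) for every bind failure found."""
    findings = []
    for n, line in enumerate(log_lines, 1):
        info = explain_bind_failure(line)
        if info:
            findings.append((n, info["ad_data"], info["meaning"]))
    return findings
```

Sub-code 525 points at the bind identity (DN or account name format) rather than the password, while 52e means the account was found and the password was rejected.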

Do any of you know a way to have Windchill not only reference AD for LDAP, but also to reference AD security groups?

http://ist.uwaterloo.ca/security/howto/2005-12-20/

AuthLDAPGroupAttributeIsDN on

require ldap-group <group dn>

This what you need?

My guess for PDMLink is then you add this additional requirements constraint per URL needed so in some cases everyone has access to a certain part of Windchill, but then the security group kicks in on forwarding to other parts of app?

Dave

Thanks, I will check out the solution proposed at your link.

After taking a closer look, I don't think that will work as it doesn't account for Tomcat.
